Title :
An Experimental Study of Diversity with Off-the-Shelf AntiVirus Engines
Author :
Gashi, Ilir ; Stankovic, Vladimir ; Leita, Corrado ; Thonnard, Olivier
Author_Institution :
Centre for Software Reliability, City Univ. London, London, UK
Abstract :
Fault tolerance in the form of diverse redundancy is well known to improve the detection rates for both malicious and non-malicious failures. What is of interest to designers of security protection systems are the actual gains in detection rates that it may give. In this paper we provide an exploratory analysis of the potential gains in detection capability from using diverse AntiVirus products for the detection of self-propagating malware. The analysis is based on 1599 malware samples collected by the operation of a distributed honeypot deployment over a period of 178 days. We sent these samples to the signature engines of 32 different antivirus products, taking advantage of the VirusTotal service. The resulting dataset allowed us to analyse the effects of diversity on the detection capability of these components, as well as how their detection capability evolves over time.
Keywords :
computer viruses; software fault tolerance; system recovery; distributed honeypot deployment; diverse redundancy; fault tolerance; malicious failure detection; off-the-shelf antivirus engine; off-the-shelf software; security protection system; self-propagating malware detection; software reliability; virus total service; Engines; AntiVirus detection engine analysis; cluster analysis; malware detection
Conference_Title :
Network Computing and Applications, 2009. NCA 2009. Eighth IEEE International Symposium on
Conference_Location :
Cambridge, MA
Print_ISBN :
978-0-7695-3698-9
Electronic_ISBN :
978-0-7695-3698-9
DOI :
10.1109/NCA.2009.14